Privacy Policy

Effective: October 2025 Last Updated: October 2025

TediousTech Solutions LLC (“we,” “us,” or “our”) operates the website tedioustech.solutions. This Privacy Policy explains how we collect, use, and protect your information.

1. Who We Are

Legal Entity: TediousTech Solutions LLC Address: Tampa, Florida, United States Privacy Contact / DPO: Logan Meriwether Email: security@tedioustech.solutions

2. What We Collect and Why

We only collect the minimum information needed to operate our services.

Type of Data	Examples	Purpose	Lawful Basis
Account & Auth Data	Email, password (hashed)	Register and authenticate users via Supabase	Contract / Legitimate Interest
Scheduling Data	Name, email, selected time slot	Confirm meetings and send reminders	Contract / Legitimate Interest
Billing Data	Payment details via Stripe	Process transactions securely	Contract / Legal Obligation
Email & Delivery Data	Open, click, bounce events	Ensure emails are delivered successfully	Legitimate Interest
Analytics & Telemetry	Session ID, device, region, route, UTM parameters	Improve site performance and understand usage	Consent (where required)

We do not store IP addresses in analytics and we do not share personal data with third-party advertisers.

3. How We Collect Data

Directly from you when you create an account, schedule a meeting, or contact us.
Automatically through a first-party analytics system (no third-party trackers).
Via integrations such as Google Calendar (for meetings) and Stripe (for payments).

4. Cookies and Tracking

We use only essential and first-party analytics cookies.

session_id (anonymous) – maintains your browsing session.
consent_status – records your cookie preferences.
No advertising or cross-site tracking cookies.
We honor browser Do Not Track (DNT) and Global Privacy Control (GPC) signals.

In regions requiring consent (e.g., EU/UK), analytics and preference cookies are blocked until you opt in.

5. How We Use Analytics

We log website visits to understand performance and improve services. Our event logs include: requestid, sessionid, route, UTM, device type, browser, and derived region. No IP addresses or names are stored. Retention: 180 days, then securely deleted via automated job.

6. How We Send Emails

Transactional emails (meeting confirmations, reminders, and updates) are sent through Resend.

You can opt out of non-essential messages anytime.

From: notify@tedioustech.solutions or meetings@tedioustech.solutions
Webhooks collect delivery metrics (open, click, bounce) for reliability only.

7. How We Share Data

We share data only with our processors under signed agreements:

Processor	Purpose	Location	Policy
Supabase	Authentication, database, analytics	US/EU (PostgreSQL)	https://supabase.com/privacy
Vercel	Hosting and edge delivery	Global (US/EU)	https://vercel.com/legal/privacy-policy
Google	Calendar/Meet scheduling	Global	https://policies.google.com/privacy
Resend	Transactional emails	US	https://resend.com/privacy
Stripe	Payment processing	US/EU	https://stripe.com/privacy

Each acts as a data processor under a data processing agreement.

8. Retention

Category	Retention Period
Analytics	180 days
Meeting Records	1 year
Temporary Holds	7 days
Account Data	Active period + 1 year after closure
Billing Data	As required by law (usually 7 years)
Email/Webhook Logs	Up to 1 year, unless legal obligations require longer

9. International Data Transfers

Your data may be processed in the U.S. or other locations. Where required, we rely on Standard Contractual Clauses (SCCs) to ensure equivalent protection under GDPR and UK GDPR.

10. Your Rights

Depending on your region, you may have the right to: access or export your data; request correction or deletion; restrict or object to processing; opt out of data sharing or sale (California). To make a request, email security@tedioustech.solutions. We verify identity via your account email and respond within 30 days.

11. Children

Our services are not directed to children under 16. We do not knowingly collect information from minors.

12. Security

We use Supabase Row-Level Security (RLS), HTTPS, and encrypted database connections. Access to personal data is role-based and audited.

13. Updates to This Policy

We may update this policy as our services evolve. Changes will be posted here with a revised “Last Updated” date.

14. Contact Us

For privacy questions, contact: security@tedioustech.solutions

15. References

This policy complements our future Terms of Service (/terms) and Data Processing Addendum (/dpa).

Appendix A — Data Inventory & Flows

Table / System	Categories of Data	Purpose	Lawful Basis	Retention	Recipients / Transfers	Security Notes
meetings	Name, email, time, rep_email	Scheduling and confirmation	Contract	1 year	Google Calendar	Encryption, RLS
slot_holds	Email, hold_id, time	Reserve temporary slot	Legitimate Interest	7 days	None	Auto-expire
clientrepmap	Internal mapping of rep to client	Scheduling logic	Legitimate Interest	1 year	Internal only	RLS
reptimeoff	Date ranges, rep_email	Block unavailable slots	Legitimate Interest	1 year	Internal only	RLS
analytics.event_log	Session_id, route, region, UTM, device	Improve UX	Consent / Legitimate Interest	180 days	Internal only	No IPs; cron deletion
analytics.email_events	Send/deliver/open/click	Ensure delivery	Legitimate Interest	1 year	Resend	Secure webhook
stripe.billing	Payment ID, email, timestamp	Process payments	Contract	7 years	Stripe	PCI DSS compliance

Appendix B — Cookie & Consent Specification

Cookies

Cookie	Purpose	Duration	Category
session_id	Anonymous session identifier	Session	Strictly Necessary
consent_status	Records user consent choices	6 months	Functional
vercelgeo	Used internally to derive region (no storage)	Request only	Functional

Consent Behavior

Regions requiring explicit consent: EU/EEA, UK, CH, CA-QC.
Env: ANALYTICSCONSENTREGION_LIST = full list of ISO codes as configured in env.
Banner blocks analytics until consent in those regions; elsewhere soft opt-in.
Always respect DNT/GPC (DNTRESPECT=true, GPCRESPECT=true).
Consent stored client-side in consent_status.
Preferences modal toggles Analytics and “Do Not Sell/Share My Info” (CCPA).

Banner UI Copy

We use cookies to run our site and improve your experience. Manage your preferences or read our Privacy Policy (/privacy).

Buttons:

Accept All
Manage Preferences
Reject Non-Essential